Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rsync: apply patches for 6 vulnerabilities #373784

Merged
merged 1 commit into from
Jan 14, 2025
Merged

rsync: apply patches for 6 vulnerabilities #373784

merged 1 commit into from
Jan 14, 2025

Conversation

LeSuisse
Copy link
Member

@LeSuisse LeSuisse commented Jan 14, 2025
edited
Loading

Fixes CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088 and CVE-2024-12747.

https://www.kb.cert.org/vuls/id/952657

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 25.05 Release Notes (or backporting 24.11 and 25.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@LeSuisse LeSuisse added 1.severity: security Issues which raise a security issue, or PRs that fix one backport staging-24.11 Backport PR automatically labels Jan 14, 2025
@LeSuisse LeSuisse force-pushed the rsync-sec-jan-25 branch 2 times, most recently from e1b3729 to b1a6594 Compare January 14, 2025 17:49
@LeSuisse LeSuisse changed the base branch from staging to staging-next January 14, 2025 17:49
@mweinelt
Copy link
Member

I don't think we should wait for the release tarball, and instead focus on getting these fixes out.

@LeSuisse LeSuisse changed the base branch from staging-next to master January 14, 2025 18:36
@mweinelt mweinelt marked this pull request as ready for review January 14, 2025 18:44
@LeSuisse LeSuisse changed the title rsync: 3.3.0 -> 3.4.0 rsync: apply patches for 6 vulnerabilities Jan 14, 2025
@LeSuisse
Copy link
Member Author

Updated the commit message to match what's currently done.

mweinelt
mweinelt approved these changes Jan 14, 2025
View reviewed changes
Copy link
Member

@mweinelt mweinelt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks. We made the call to move this through master, since staging-next is still blocked on a regression.

@nix-owners nix-owners bot requested review from ehmry and ivan January 14, 2025 18:53
@mweinelt mweinelt merged commit 733994e into NixOS:master Jan 14, 2025
39 of 43 checks passed
@nixpkgs-ci
Copy link
Contributor

nixpkgs-ci bot commented Jan 14, 2025

Successfully created backport PR for staging-24.11:

@nixpkgs-ci nixpkgs-ci bot mentioned this pull request Jan 14, 2025
Merged
1 task
@LeSuisse LeSuisse deleted the rsync-sec-jan-25 branch January 14, 2025 19:08
@mweinelt
Copy link
Member

https://nixpk.gs/pr-tracker.html?pr=373784

@9999years 9999years mentioned this pull request Jan 14, 2025
Closed
13 tasks
@LeSuisse LeSuisse mentioned this pull request Jan 14, 2025
Merged
13 tasks
@nixos-discourse
Copy link

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/vulnerability-notifications-for-nixos/58895/3

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mweinelt mweinelt mweinelt approved these changes

@ehmry ehmry Awaiting requested review from ehmry

@ivan ivan Awaiting requested review from ivan

Assignees
No one assigned
Labels
1.severity: security Issues which raise a security issue, or PRs that fix one 10.rebuild-darwin: 501-1000 10.rebuild-linux: 5001+ backport staging-24.11 Backport PR automatically
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@LeSuisse @mweinelt @nixos-discourse